<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>管理</title>
</head>

<body>

<?php 
include_once('..\\common.php');
?>

<?php 
//logout first
session_start(); 
//  这种方法是将原来注册的某个变量销毁
unset($_SESSION['saler']); 
unset($_SESSION['admin']);
//  这种方法是销毁整个 Session 文件
session_destroy(); 
?>

<?php 
//  表单提交后...
$posts = $_POST; 
//  清除一些空白符号 
foreach ($posts as $key => $value) {
    $posts[$key] = trim($value); 
} 
?>

<?php
$username = $posts["username"]; 
$password = $posts["password"]; 

$query = "SELECT * FROM `saler` WHERE `password` = '$password' AND `name` = '$username' AND state='enabled' "; 
//  取得查询结果 
$DB = DBConnect();
$result = mysql_query($query,$DB);

if($myrow = mysql_fetch_row($result)){ 
    //  当验证通过后，启动 Session 
    session_start(); 
    //  注册登陆成功的 admin 变量，并赋值 true 
    $_SESSION["saler"] = true;  
	$_SESSION["salerid"] = $myrow[0];
	$_SESSION["firsttime"] = true;
	
	echo "登录成功";
	header("Location:index.php");
	
} else { 
    die("用户名密码错误"); 
} 
?>


</body>
</html>